Windows Firewall Has A Backdoor

mar

Windows Firewall Has A Backdoor
Posted at 2005-02-19 20:00:00 GMT
http://habaneronetworks.com/viewArticle.php?ID=144

I was just poking around with the Windows Firewall on my system. When
I went to look at the exceptions, I was confronted with an entry that
I couldn't recognize, rk.exe. Rk.exe was allowed full access to and
from my computer. I did a quick search for rk.exe on the internet and
came across ProcessLibrary's website which stated the following about
rk.exe:

rk.exe is a process that belongs to a software from RelevantKnowledge.
The software monitors how you use the Internet as well as displays
various surveys in popup windows. This process should be removed to
protect your personal privacy. For more information visit their
privacy policy agreement at
http://www.relevantknowledge.com/Agreement.htm

Let's see, RelevantKnowledge, um, never heard of them, I know what
software I have installed, and none is from this company. Anyway, what
else does it say? Um, 'The software monitors how you use the
Internet', well, this can't be too good, ok then, how about 'displays
various surveys in popup windows'. So let's add it up:

Never heard of the company       Bad
Monitors My Internet Activity    Bad
Displays Popups                  Bad


Well, to me, this does look like spyware and adware. It is spyware
because it is monitoring and probably recording information about
where I am going and what I am doing on the Internet. It is also
adware because of the nice popups it will provide me.

Well, I actually have never seen any activity from rk.exe on my
system, and in fact, the file doesn't even exist. I must have cleaned
it out with a spyware remover like AdAware or Webroot's Spysweeper.
The point of the matter is that this entry has found its way into my
Windows Internet Connection Firewall Exceptions list without my
knowledge. And as it turns out, it isn't that hard to do.

As long as the person currently logged into the computer has
Administrative privileges, an application can easily add an entry into
the
HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/
key that will allow any application full rights to and from the
computer without the user's interaction or knowledge.


Just because you think that Microsoft and their supposedly secure
Windows Firewall is running doesn't mean that you're safe. You must
check the settings of the firewall regularly. Always scan your system
at the minimum once a week with the anti-spyware tools and ensure that
you run SpywareBlaster every time you use your computer.

For more information about SpywareBlaster please visit here, for more
information about anti-spyware and anti-adware products, please read a
full review of the top 5 ad / spyware fighters at:
http://habaneronetworks.com/viewArticle.php?ID=95.


If you are currently using Windows' own firewall to protect you,
either ensure that there are no unknown exceptions or find a better
firewall.


PS. If you are ever unsure about a process, head on over to Process
Library and search for the running process's name.


I have added another article that explains that Microsoft's
AntiSpyware Beta also ignores any changes to the registry for this
key.
You can read the article here
http://habaneronetworks.com/viewArticle.php?ID=146
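
Added example, not part of the original post: a Python sketch of the exceptions audit the post recommends, run over exported value lines from the AuthorizedApplications list. The `path:scope:status:label` data layout, the sample paths and the known-good list are assumptions made for illustration.

```python
import re
from typing import Callable, List, NamedTuple, Set, Tuple

# Constructed sample in `reg query` layout (value name, type, data).
# Paths and labels are made up for illustration; they are not from the post.
SAMPLE = r"""
    C:\Program Files\Messenger\msmsgs.exe    REG_SZ    C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\Example\rk.exe    REG_SZ    C:\Example\rk.exe:*:Enabled:rk
    C:\Example\backup.exe    REG_SZ    C:\Example\backup.exe:LocalSubNet:Disabled:Backup agent
"""

class Entry(NamedTuple):
    path: str
    scope: str      # "*" means any remote address
    enabled: bool
    label: str

_LINE = re.compile(r"^\s*(?P<name>.+?)\s+REG_SZ\s+(?P<data>.+?)\s*$")

def parse_entries(text: str) -> List[Entry]:
    """Parse exported value lines; assumed data layout is path:scope:status:label."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        # Split from the right so the drive-letter colon stays inside the path.
        parts = m.group("data").rsplit(":", 3)
        if len(parts) == 4:
            path, scope, status, label = parts
            entries.append(Entry(path, scope, status.lower() == "enabled", label))
    return entries

def audit(entries: List[Entry], known_good: Set[str],
          exists: Callable[[str], bool]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every exception that needs a human look.

    known_good holds lower-cased paths the owner recognises (hypothetical list).
    """
    findings = []
    for e in entries:
        reasons = []
        if e.path.lower() not in known_good:
            reasons.append("unknown program")
        if not exists(e.path):
            reasons.append("file missing")  # leftover entry, as with rk.exe in the post
        if reasons and e.enabled and e.scope == "*":
            reasons.append("enabled for any address")
        if reasons:
            findings.append((e.path, reasons))
    return findings

if __name__ == "__main__":
    good = {r"c:\program files\messenger\msmsgs.exe"}
    on_disk = {r"C:\Program Files\Messenger\msmsgs.exe", r"C:\Example\backup.exe"}
    for path, reasons in audit(parse_entries(SAMPLE), good, on_disk.__contains__):
        print(path, "->", ", ".join(reasons))
```

On a live machine, pass `os.path.exists` as `exists` and feed the function the exported contents of the key.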
 
Guest

[...]
> Just because you think that Microsoft and their supposedly secure
> Windows Firewall is running doesn't mean that you're safe. You must
> check the settings of the firewall regularly. Always scan your system
> at the minimum once a week with the anti-spyware tools and ensure that
> you run SpywareBlaster every time you use your computer.

Well, duh! No one contends that the Windows firewall should be your only
line of defense to crudware. It blocks unauthorized inbound communications
and renders your computer essentially invisible over the Internet, but it
won't protect the user from his own stupidity (or ignorance, if "stupidity"
is too harsh a term for you) in allowing his system to be compromised from
within by downloading and installing crudware himself. This is why antivirus
and antispyware software is also necessary, and above all the user himself
needs to take personal responsibility for learning how to operate his
computer safely and securely in order to avoid downloading and installing the
crudware in the first place. An ounce of prevention is worth a pound of
cure.

> If you are currently using Windows' own firewall to protect you,
> either ensure that there are no unknown exceptions or find a better
> firewall.

For people who already know how to keep their computer secure from crudware,
the Windows firewall, properly configured, is more than adequate as part of
an overall security strategy. Moreover, the user will avoid the many
problems, headaches, and other unwanted side effects -- evidenced by the vast
majority of firewall-related posts to these newsgroups -- associated with
installing and configuring (often overly aggressive) third party firewalls.
The purpose of a good firewall should be to make your computer invisible to
the Internet and keep unauthorized inbound communications from coming in --
not to tell you that you have already screwed the pooch by blocking outbound
communications from crudware that you, the user, stupidly allowed to
penetrate his machine.

[...]

Ken
 
Plato

mar said:
Windows Firewall Has A Backdoor

People think that just because they put a condom on they can play in the
red light district and feel perfectly safe. Not true in that example and
not true when using a pc with protection.
 
george


Be sure to point the finger in the right direction.....
Windows Firewall, nor any other for that matter, is no excuse for stopping
to think about what you're doing and just blindly carry on.

Errorcode: PEBKM

(Problem Exists Between Keyboard and Monitor)

:))

George
 
Marko Jotic

any firewall would have been compromised, although a full firewall would
have shown outgoing activity and in effect alerted you to it.

the user must accept something to load spyware and that opens the door
in firewalls

--
Marko Jotic
"Common sense is anything but common".
From the notebooks of Lazarus Long. Robert A. Heinlein.
Handmade knives, antique designs, exotic materials at
http://www.knifeforging.com/
 
Guest

You mean, it isn't 100% safe? I'm going to turn off my PC until I get Bill
Gates to do something about this.

mar, you did exactly what you were supposed to. Looking through your machine
once in a while helps catch these sneaky programs.
 
NobodyMan

> As long as the person currently logged into the computer has
> Administrative privileges, an application can easily add an entry into
> the
> HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/
> key that will allow any application full rights to and from the
> computer without the user's interaction or knowledge.

Which is why you shouldn't routinely use an account that has
administrative rights while you are using your computer. I do LAN
Admin stuff at work, and I routinely use my regular account which
makes me an "ordinary" user. I only log on using my Administrative
Privileges account IF I need to do something that requires them.

It's called safety and common sense.
 
pjp

NobodyMan said:
Which is why you shouldn't routinely use an account that has
administrative rights while you are using your computer. I do LAN
Admin stuff at work, and I routinely use my regular account which
makes me an "ordinary" user. I only log on using my Administrative
Privileges account IF I need to do something that requires them.

It's called safety and common sense.

Seems to me I walked away from Vax's etc. 20 years ago to get away from all
that "admin" versus "users" bs. and here it is back again just because the
people who've developed the most popular desktop pc OS can't seem to
actually create a version that isn't riddled with bugs.
 
Stan Brown

> Which is why you shouldn't routinely use an account that has
> administrative rights while you are using your computer. I do LAN
> Admin stuff at work, and I routinely use my regular account which
> makes me an "ordinary" user. I only log on using my Administrative
> Privileges account IF I need to do something that requires them.

And many such tasks don't even require logging on but can be done
as a "Runas".
 
george

pjp said:
Seems to me I walked away from Vax's etc. 20 years ago to get away from
all that "admin" versus "users" bs. and here it is back again just because
the people who've developed the most popular desktop pc OS can't seem to
actually create a version that isn't riddled with bugs.

Which is what you get if the 'mental father' that was at the origin of this
product (Mr. Dave Cutler) has his roots in the VMS world, that apparently
was also suffering from the same problem. (that you tried to walk away
from!)
I remember David's 'joke' at the time, when asked about his goals and
intentions at MS was:
"I'm going to create a new OS that's one better than VMS"
Next thing we knew was an OS called WNT!

:))
george
 
Marko Jotic

Plato said:
Got teens?

LOL, Nope but nearly every system I am asked to look at (so slow) has
got teens on them (I swear I didn't) and has tons of spyware (how did
that get in

--
Marko Jotic
"Common sense is anything but common".
From the notebooks of Lazarus Long. Robert A. Heinlein.
Handmade knives, antique designs, exotic materials at
http://www.knifeforging.com/
 
Dan

Now that is a real cause for concern. Thanks for the alert mar.

 
Guest

Before I read this post, I had never checked my exceptions on my firewall, I
found AswApp, anyone know what it is, Process Library doesn't have it, or,
maybe I don't know how to look for it, I'm rather new at puters.
 
NotMe

ASW?? Do you have WeatherBug installed?
It is from ASW Convergence Technologies or such...
 
